﻿using Duende.IdentityServer;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Stores;
using Service.Auth.Api.Application.Query;
using Service.Auth.Model.Enum;

namespace Service.Auth.Api.Extensions
{
    public class MysqlClientStore(
        AuthClientQueryService clientQueryService,
        ClientScopesQueryService clientScopesQueryService)
        : IClientStore
    {
        public async Task<Client> FindClientByIdAsync(string clientId)
        {
            var client = await clientQueryService.QueryClientByClientId(clientId);
            if (client != null)
            {
                var result = new Client();
                result.ClientId = clientId;
                switch (client.GrantTypes)
                {
                    case GrantTypeEnum.ClientCredentials:
                        result.AllowedGrantTypes = GrantTypes.ClientCredentials; break;
                    case GrantTypeEnum.Hybrid:
                        result.AllowedGrantTypes = GrantTypes.Hybrid; break;
                    case GrantTypeEnum.HybridAndClientCredentials:
                        result.AllowedGrantTypes = GrantTypes.HybridAndClientCredentials; break;
                    case GrantTypeEnum.ResourceOwnerPassword:
                        result.AllowedGrantTypes = GrantTypes.ResourceOwnerPassword; break;
                    case GrantTypeEnum.ResourceOwnerPasswordAndClientCredentials:
                        result.AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials; break;
                    default:
                        result.AllowedGrantTypes = GrantTypes.ResourceOwnerPassword; break;
                }
                //刷新令牌模式
                result.AllowedGrantTypes.Add("refresh_token");
                result.AllowedGrantTypes.Add("sms");
                result.ClientSecrets = new List<Secret>() { new Secret(client.ClientSecret.Sha256()) };
                if (client.AllowOpenId)
                    result.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OpenId);
                if (client.AllowProfile)
                    result.AllowedScopes.Add(IdentityServerConstants.StandardScopes.Profile);

                var scopes = await clientScopesQueryService.QueryClientScopesByClientId(clientId);
                if (scopes != null)
                {
                    foreach (var score in scopes)
                    {
                        result.AllowedScopes.Add(score.ScopeId);
                    }
                }
                result.AllowedScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess);   // 如果要获取refresh_tokens ,必须在scopes中加上OfflineAccess
                result.AccessTokenLifetime = client.TokenTimeOut;   //访问Token生命周期
                result.AbsoluteRefreshTokenLifetime = 2592000;   //RefreshToken的最长生命周期,默认30天
                result.AllowOfflineAccess = true;                            //如果要获取refresh_tokens ,必须把AllowOfflineAccess设置为true
                result.SlidingRefreshTokenLifetime = client.TokenTimeOut;//以秒为单位滑动刷新令牌的生命周期。
                result.RefreshTokenUsage = TokenUsage.OneTimeOnly; // 或 OneTimeOnly + 下面的设置
                result.UpdateAccessTokenClaimsOnRefresh = true;
                return result;
            }
            return null;

        }
    }
}
